1. Field
The present disclosure relates generally to the field of digital security, and more specifically to the configuration management of network activity detectors, including network activity detectors that detect malicious network activities.
2. Description of Related Art
The proliferation of computing and networking technologies has presented challenges in the field of digital security. For instance, one networked computer (i.e., a network node) may spread malicious computer data to other network nodes, and can inflict substantial system disruption across the network thereby causing economic loss.
Conventional digital security technologies include computer logic, generally embodied as “anti-virus programs” and/or “firewalls,” that reside at network nodes and that scan for digital security threats such as viruses, malware, worms, Trojan horses, and the like, in computer data. To remain effective, a conventional digital security solution needs to be configured and managed (e.g., updated) properly. Configuration management of conventional digital security solutions often results in undesirable tradeoffs among efficacy, configurability, and scalability.
For instance, conventional digital security technologies require updates, such as computer virus signature files, in order to maintain effectiveness against ever-changing digital security threats. The relatively large size of the typical computer virus signature file (i.e., 50 megabytes (“MB”) to 300 MB) reduces the scalability of conventional digital security systems in at least two ways. First, large updates utilize significant network bandwidth, and thus limit the number of installations and/or the frequency of updates that a given network infrastructure can support. Second, large updates require substantial data processing by a computer processor, and thus limit the types of network nodes that can support installations of conventional digital security technologies to those with sufficient processing power. Therefore, scalability is compromised.
Further, the need to ensure the authenticity of updates also encourages technical implementations in which a few entities (e.g., manufacturers of conventional digital security technology solutions) control the dissemination of updates to many network nodes. The resulting network architecture tends to be flat, in that many network nodes download updates from a few authorized servers. Such an architecture makes it difficult for an intermediate entity, such as the network administrator of a company, to provide configurations (i.e., updates) that are unique within the company's local network. Therefore, configurability is compromised.